salesmate-automation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The skill requires the user to add an external MCP server endpoint (https://rube.app/mcp). This dependency is intrinsic to the skill's primary purpose and is considered safe within this context.
- [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection (Category 8) because it dynamically ingests tool schemas from a remote source. 1. Ingestion points: RUBE_SEARCH_TOOLS responses in the core workflow. 2. Boundary markers: No delimiters or warnings are used to sequester remote schema data. 3. Capability inventory: Includes remote tool execution via RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH. 4. Sanitization: None described in the documentation.
- [SAFE] (SAFE): No malicious code, obfuscation, or data exfiltration patterns were detected in the skill instructions. All operations are consistent with the stated goal of Salesmate automation.
Audit Metadata